Computer security vulnerabilities come in all shapes and sizes; as a result, computer security strategy must be varied and diverse to protect against exploitation of those vulnerabilities. Phishing is a particularly interesting challenge for computer security implementation because it is not solely a technological problem: phishing relies on exploitation of a vulnerability not easily rectified, namely human weakness.
Attackers commonly perform phishing attacks on organizations by setting up a phishing website that copies an organization's login page (e.g., so that the phishing website is visually similar to the organization's website), where an attacker has access to credentials entered at the phishing website by a victim. After a victim enters credentials, the phishing website often redirects the victim to the organization's website in an attempt to conceal the fact that the victim's credentials were compromised.
Traditional anti-phishing approaches often lack the tools to give organizations insight and visibility into which individuals in an organization are phished, when, and how. While computer network users can be trained to recognize and report phishing attacks, it is difficult for such training to result in sufficient protection before a user's credentials are compromised; after all, only one user's mistake is needed for a phishing attack to succeed.
Thus, there is a need in the computer security field to create new and useful methods for identifying phishing websites and hindering associated activity.